From ad223e0398ac83e5235bb2211fc7f8c66cc7ccc5 Mon Sep 17 00:00:00 2001
From: Fabien O'Carroll
Date: Thu, 16 Jan 2014 11:04:08 +0000
Subject: [PATCH 1/5] Removing getVisibility references
---
 lib/db/mysql.js | 9 ---------
 lib/db/sql_templates.json | 1 -
 lib/db/sqlite.js | 9 ---------
 lib/models/bin.js | 3 ---
 lib/store.js | 1 -
 5 files changed, 23 deletions(-)
diff --git a/lib/db/mysql.js b/lib/db/mysql.js
index 9395b8ee..5267aa68 100644
--- a/lib/db/mysql.js
+++ b/lib/db/mysql.js
@@ -448,15 +448,6 @@ module.exports = utils.inherit(Object, {
 }
 });
 },
- getVisibility: function(bin, fn) {
- var sql = templates.getVisibility;
- this.connection.query(sql, [bin.url, bin.revision], function(err, result) {
- if (err) {
- return fn(err);
- }
- fn(null, result[0] ? result[0].visibility : false);
- });
- },
 getBinMetadata: function(bin, fn) {
 var sql = templates.getBinMetadata;
 this.connection.query(sql, [bin.url, bin.revision], function(err, result) {
diff --git a/lib/db/sql_templates.json b/lib/db/sql_templates.json
index 4f11abe5..4ffaa999 100644
--- a/lib/db/sql_templates.json
+++ b/lib/db/sql_templates.json
@@ -34,7 +34,6 @@
 "reportBin": "UPDATE `sandbox` SET `reported`=? WHERE `url`=? AND `revision`=? AND `active`='y'",
 "isOwnerOf": "SELECT name=? as `owner` FROM `owners` WHERE `url`=? AND `revision`=1",
 "getUserBinCount": "SELECT COUNT(*) as total FROM `owners` WHERE `name`=?",
- "getVisibility": "SELECT * FROM `owners` WHERE `url`=? AND `revision`=?",
 "setBinVisibility": "UPDATE `owners` SET `visibility`=? WHERE `name`=? AND `url`=?",
 "getBinMetadata": "SELECT * FROM `owners` AS `o`, `ownership` AS `os` WHERE o.name=os.name AND o.url=? AND o.revision=?",
 "setProAccount": "UPDATE ownership SET `pro`=?, `updated`=? WHERE `name`=?"
diff --git a/lib/db/sqlite.js b/lib/db/sqlite.js
index 1cce9165..973fec68 100644
--- a/lib/db/sqlite.js
+++ b/lib/db/sqlite.js
@@ -520,15 +520,6 @@ module.exports = utils.inherit(Object, {
 }
 });
 },
- getVisibility: function(bin, fn) {
- var sql = templates.getVisibility;
- this.connection.get(sql, [bin.url, bin.revision], function(err, result) {
- if (err) {
- return fn(err);
- }
- fn(null, result[0] ? result[0].visibility : false);
- });
- },
 getBinMetadata: function(bin, fn) {
 var sql = templates.getBinMetadata;
 this.connection.get(sql, [bin.url, bin.revision], function(err, result) {
diff --git a/lib/models/bin.js b/lib/models/bin.js
index 91c49e5c..3279857e 100644
--- a/lib/models/bin.js
+++ b/lib/models/bin.js
@@ -79,9 +79,6 @@ module.exports = Observable.extend({
 report: function (params, fn) {
 this.store.reportBin.apply(this.store, arguments);
 },
- getVisibility: function(bin, fn) {
- this.store.getVisibility(bin, fn);
- },
 getBinMetadata: function(bin, fn) {
 this.store.getBinMetadata(bin, fn);
 },
diff --git a/lib/store.js b/lib/store.js
index 695d5d56..c9ede8c8 100644
--- a/lib/store.js
+++ b/lib/store.js
@@ -47,7 +47,6 @@ var methods = [
 'getUserBinCount',
 'populateOwners',
 'getOne',
- 'getVisibility',
 'getBinMetadata',
 'setBinVisibility',
 'setProAccount'
From 1e041e7d331f65d22928f6fe6878a88418b8bee5 Mon Sep 17 00:00:00 2001
From: Fabien O'Carroll
Date: Thu, 16 Jan 2014 12:11:03 +0000
Subject: [PATCH 2/5] check that user owns bin when setting visibility
---
 lib/db/mysql.js | 7 +++++--
 lib/db/sqlite.js | 7 +++++--
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/lib/db/mysql.js b/lib/db/mysql.js
index 5267aa68..e7f29039 100644
--- a/lib/db/mysql.js
+++ b/lib/db/mysql.js
@@ -460,13 +460,16 @@ module.exports = utils.inherit(Object, {
 });
 });
 },
- setBinVisibility: function(bin, value, fn) {
+ setBinVisibility: function(bin, name, value, fn) {
 var sql = templates.setBinVisibility, params = [
 value, bin.metadata.name, bin.url
 ];
+ if (bin.metadata.name !== name) {
+ return fn(301);
+ }
 this.connection.query(sql, params, function(err, result) {
 if (err) {
- return fn(err);
+ return fn(500);
 }
 fn(err, result);
 });
diff --git a/lib/db/sqlite.js b/lib/db/sqlite.js
index 973fec68..25032f57 100644
--- a/lib/db/sqlite.js
+++ b/lib/db/sqlite.js
@@ -532,13 +532,16 @@ module.exports = utils.inherit(Object, {
 });
 });
 },
- setBinVisibility: function(bin, value, fn) {
+ setBinVisibility: function(bin, name, value, fn) {
 var sql = templates.setBinVisibility, params = [
 value, bin.metadata.name, bin.url
 ];
+ if (bin.metadata.name !== name) {
+ return fn(301)
+ }
 this.connection.run(sql, params, function(err, result) {
 if (err) {
- return fn(err);
+ return fn(500);
 }
 fn(err, result);
 });
From 766e5f6b76ca55fac45075766455193aedce691c Mon Sep 17 00:00:00 2001
From: Fabien O'Carroll
Date: Thu, 16 Jan 2014 12:11:54 +0000
Subject: [PATCH 3/5] Updating bin model to take username param
---
 lib/models/bin.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/models/bin.js b/lib/models/bin.js
index 3279857e..2a2a3a5d 100644
--- a/lib/models/bin.js
+++ b/lib/models/bin.js
@@ -82,7 +82,7 @@ module.exports = Observable.extend({
 getBinMetadata: function(bin, fn) {
 this.store.getBinMetadata(bin, fn);
 },
- setBinVisibility: function(bin, value, fn) {
- this.store.setBinVisibility(bin, value, fn);
+ setBinVisibility: function(bin, name, value, fn) {
+ this.store.setBinVisibility(bin, name, value, fn);
 }
 });
From fe3553eba075dda90cf87ce2285d45864cf40e9d Mon Sep 17 00:00:00 2001
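Review bot: In PATCH 2/5, lib/db/mysql.js, the ownership check reports a mismatch with `fn(301)`, which is the HTTP redirect status Moved Permanently rather than an authorization failure; once the handler forwards the value with `res.send(err)` (PATCH 4/5), a denied request cannot be told apart from a redirect in client code or access logs. `return fn(403);` states the outcome, and the same applies to the sqlite.js hunk of this patch, the `res.send(301)` guards in lib/handlers/bin.js and the check rewritten in PATCH 5/5. Replacing `fn(err)` with `fn(500)` also discards the driver error, so logging `err` before invoking the callback would keep database failures diagnosable. The body of setBinVisibility closes below the hunk.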
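Review bot: In PATCH 2/5, lib/db/sqlite.js, `bin.metadata.name` is dereferenced both while building `params` and in the new check without testing that `bin.metadata` exists, so a bin without metadata throws a TypeError instead of being refused. PATCH 5/5 adds that guard and binds `name` in `params` for lib/db/mysql.js only, and no later patch in this series touches sqlite.js, so the two backends end up enforcing ownership differently. The same two lines belong here: `if (!bin.metadata || bin.metadata.name !== name) {` and `value, name, bin.url`. `return fn(301)` is also missing its semicolon, unlike the mysql.js version.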
From: Fabien O'Carroll
Date: Thu, 16 Jan 2014 12:13:35 +0000
Subject: [PATCH 4/5] Padding req.session.name into setBinVisibility
---
 lib/handlers/bin.js | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/lib/handlers/bin.js b/lib/handlers/bin.js
index 5f6069df..66965769 100644
--- a/lib/handlers/bin.js
+++ b/lib/handlers/bin.js
@@ -361,17 +361,20 @@ module.exports = Observable.extend({
 if (!req.session.user || !req.session.user.pro) {
 return res.send(301);
 }
- this.models.bin.setBinVisibility(req.bin, 'private', function(err, bin){
+ this.models.bin.setBinVisibility(req.bin, req.session.name, 'private', function(err, bin){
 if (err) {
- res.send(500);
+ res.send(err);
 }
 res.send(200, 'OK');
 });
 },
 setBinAsPublic: function(req, res, next) {
- this.models.bin.setBinVisibility(req.bin, 'public', function(err, bin){
+ if (!req.session.user || !req.session.user.pro) {
+ return res.send(301);
+ }
+ this.models.bin.setBinVisibility(req.bin, req.session.name, 'public', function(err, bin){
 if (err) {
- res.send(500);
+ res.send(err);
 }
 res.send(200, 'OK');
 });
From db11795ba4b51a84f9dfa5c1c78e3f2afb44ed55 Mon Sep 17 00:00:00 2001
From: Fabien O'Carroll
Date: Thu, 16 Jan 2014 12:25:33 +0000
Subject: [PATCH 5/5] Passing in name rather than metadata.name, check for metadata existing
---
 lib/db/mysql.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/db/mysql.js b/lib/db/mysql.js
index e7f29039..5d1d686d 100644
--- a/lib/db/mysql.js
+++ b/lib/db/mysql.js
@@ -462,9 +462,9 @@ module.exports = utils.inherit(Object, {
 },
 setBinVisibility: function(bin, name, value, fn) {
 var sql = templates.setBinVisibility, params = [
- value, bin.metadata.name, bin.url
+ value, name, bin.url
 ];
- if (bin.metadata.name !== name) {
+ if (!bin.metadata || bin.metadata.name !== name) {
 return fn(301);
 }
 this.connection.query(sql, params, function(err, result) {
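Review bot: In PATCH 4/5, lib/handlers/bin.js, both callbacks call `res.send(err)` and then fall through to `res.send(200, 'OK')`, so a refused ownership check or a database failure is followed by a second send on a response that has already been answered; each branch should read `return res.send(err);`. The guard tests `req.session.user`, but the owner name handed to the model is `req.session.name`, a different session field whose population is not visible in these patches. If that field is unset, the store compares the bin owner against `undefined`, so it is worth confirming that it holds the authenticated username. setBinAsPrivate begins above the hunk and setBinAsPublic closes below it.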
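Review bot: In PATCH 5/5, lib/db/mysql.js, the rewritten guard still passes when `name` itself is missing, because `bin.metadata.name !== name` is false if both sides are `undefined`, and the UPDATE is then issued with an undefined owner parameter. Whether a request can arrive here without a name depends on how the handler fills `req.session.name`, which these patches do not show, so the store should refuse on its own: `if (!name || !bin.metadata || bin.metadata.name !== name) {`. A one-line comment above the check, such as `// only the recorded owner may change visibility`, would record why it is there. The function continues below the hunk.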